GcmAuthenticationTagFormats Enumeration
This enumeration specifies the supported formats for Galois/Counter Mode (GCM) authentication tags. GCM is an authenticated encryption mode that provides both confidentiality and integrity for data. The authentication tag is a crucial component for verifying the integrity of the decrypted message.
Syntax
public enum GcmAuthenticationTagFormats
Remarks
When using GCM encryption, an authentication tag is generated along with the ciphertext. This tag is used during decryption to verify that the ciphertext has not been tampered with. Different cryptographic implementations might support different standard formats for these authentication tags. This enumeration helps in specifying or identifying which of these formats are being used or supported.
The use of GCM mode is prevalent in modern security protocols like TLS 1.2 and later, and IPSec, due to its efficiency and strong security guarantees. Understanding the supported tag formats is important for interoperability between different systems and for correct implementation of cryptographic operations.
Members
The following table lists the members of the GcmAuthenticationTagFormats enumeration:
| Member | Description |
|---|---|
128Bit |
Specifies a 128-bit (16-byte) authentication tag. This is a commonly used and recommended size for GCM. |
96Bit |
Specifies a 96-bit (12-byte) authentication tag. This format is often used for performance reasons, but 128 bits generally offers stronger security guarantees against forgery attacks. |
64Bit |
Specifies a 64-bit (8-byte) authentication tag. This format is less common and may not provide sufficient security for many applications. Its use should be carefully considered. |
Requirements
| Component | Value |
|---|---|
| Namespace | System.Net.Security |
| Assembly | System.Net.Primitives.dll |
See Also
System.Net.Security Namespace
CipherMode Enumeration
AesGcm Class
using System;
using System.Net.Security;
using System.Security.Cryptography;
public class GcmTagExample
{
public static void Main(string[] args)
{
// Example of specifying the tag format when using AesGcm
try
{
// Assume a key and nonce are generated
byte[] key = new byte[32]; // 256-bit key
byte[] nonce = new byte[12]; // 96-bit nonce is common for GCM
Array.Fill(key, (byte)0x01);
Array.Fill(nonce, (byte)0x02);
using (var aesGcm = new AesGcm(key, 96)) // Specify nonce length (96 bits)
{
byte[] plaintext = System.Text.Encoding.UTF8.GetBytes("This is a secret message.");
byte[] ciphertext = new byte[plaintext.Length];
byte[] tag = new byte[16]; // Allocate space for a 128-bit tag
// Encrypt and generate the tag
aesGcm.Encrypt(nonce, plaintext, ciphertext, tag, null);
Console.WriteLine($"Ciphertext length: {ciphertext.Length} bytes");
Console.WriteLine($"Authentication Tag (128-bit): {BitConverter.ToString(tag).Replace("-", "")}");
// To specify a different tag format during initialization,
// you would typically need a library that exposes this directly.
// The AesGcm class in .NET core primarily uses a 128-bit tag by default
// if space is allocated for it. For explicit control over tag size,
// you might need to use lower-level cryptographic APIs or custom logic.
// Example of how GcmAuthenticationTagFormats might be used conceptually:
GcmAuthenticationTagFormats desiredFormat = GcmAuthenticationTagFormats.128Bit;
Console.WriteLine($"\nDesired authentication tag format: {desiredFormat}");
// In a real scenario, you'd check if the library/API supports the desired format.
// For instance, if a function returned supported formats:
// var supportedFormats = GetSupportedGcmTagFormats(someAlgorithm);
// if (supportedFormats.Contains(desiredFormat)) { ... }
}
}
catch (CryptographicException e)
{
Console.WriteLine($"A Cryptographic error occurred: {e.Message}");
}
catch (ArgumentException e)
{
Console.WriteLine($"An argument error occurred: {e.Message}");
}
}
}
// Note: The actual GcmAuthenticationTagFormats enumeration is not directly
// used to construct AesGcm in .NET Core's public API for specifying tag size.
// The size is determined by the buffer provided for the tag. However, this
// enumeration is useful for documenting and communicating the supported tag lengths.
// A nonce length of 96 bits is a common recommendation for GCM.